Hey Sonar Community!
What a week! @ganncamp has been on holiday all week (well-deserved), so I’ve been holding down the fort with @leith.darawsheh. Weeks like this make me so happy that @ganncamp and I are usually a team serving this community together.
I first interacted with Ann on the SonarQube Google Groups in 2017 when I was just a (22-year-old) SonarQube admin looking for a mapping of FxCop rules to SonarC# rules.
Ann, who wrote the book on SonarQube, has been at Sonar for more than a decade, with just about every job you can imagine (writing user stories, defining rules, serving as SonarQube Product Manager, and then Product Marketing Manager) before joining me as the first full-time Community Managers at Sonar in late 2021.
Ann actually passed my name along to a Sonar recruiter back in 2018. Now, I live in Switzerland, speak French, and only see my mother once a year. Life is funny.
Okay, enough nostalgia.
We’re grateful when you take the time to contribute to our community, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarCloud:
- SonarCloud performance took a hit this morning, to the point where the line between “laggy” and “simply not working at all” got really blurred. It’s fixed now. Thanks for the reports @patrickvol, @madyatma, @sebastianhaeni, @ssswwwlll, @diegofrafer, and @semihbahadir!
- @varunverma and @mbastardo.excentia alerted us to some annoying error pop-ups when browsing projects in unbound organizations. We got a fix deployed for that on Monday. Thanks for the reports!
SonarQube:
- Shoutout to @Lexy_Zhitenev for pointing out a bug when a user logs in with a redirect URL that contains a “?” character. SONAR-22329
- When restoring quality profiles from an XML backup, two “Close” buttons are shown. Whoops! Thanks @aravindnss. SONAR-22332
- Recently we updated the SonarScanner CLI Docker image to no longer use root in the image. This affected how SSL certs get installed. Thanks @xavier! SCANDOCKER-28
- Thanks @Eric_Wyles for improving our Helm Chart to allow overrides for livenessProbe and readinessProbe actions through helm values. Great contribution!
SonarLint:
- Analysis in CLion on Windows does not work in the latest release. Thanks @yayou for the great reproducer. SLI-1436
- SonarLint for IntelliJ is starting too many background tasks when files aren’t ready to be analyzed. Thanks for the report @jaf! SLI-1434
Rule & Languages Improvements:
- typescript:S4328 isn’t handling query parameters in import paths, leading to false-positives. Thanks @Ihor_Ionashku! JS-168
- With the FluentValidation library, csharpsquid:S6966 has a lot of false-positives. We’ll fix that with SonarSource/sonar-dotnet #9339. Thanks @evalann!
- web:S6840 should include an exception for v-text-field. Thanks for the report @Sebastiano_Manfredin! SONARHTML-253
- azureresourcemanager:S6949 should not raise for the location “Global” (it’s okay for this one to be hardcoded). Thanks @vedion! SONARIAC-1491
- Shoutout to @jeremy-rifkin for reporting (and providing an excellent reproducer through compiler explorer) a false-positive on cpp:S836. CPP-5358
- java:S6909 should not report on constants set in conditional blocks. Thanks @OlliL! SONARJAVA-5018
- A report by @adambir prompted us to make an internal ticket to investigate supporting Jasypt in our secrets detection. Thanks!
- java:S3457 isn’t raising issues when Lombok @Slf4j is used. Maybe we can improve this. Thanks @lbenedetto! SONARJAVA-5014
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@Colin, @ganncamp, and @leith.darawsheh